Event ID 18456: User < domain \ computer name > logon failed. Cause: Token-based server access validation failed with infrastructure error

Event Type: Audit failed

Event Source: MSSQLSERVER
Event Type: Login
Event ID: 18456
Date: 2015-4-22
Event: 11:11:21
User: domain \ Computer name
Computer: domain
Describe:
Logon failed for user ' domain \ computer name $ '. Cause: The token-based server access validation failed with an infrastructure error. Please check for previous errors. [Client: 192.168.1.183]


For more information, see the Help and Support Center in http://go.microsoft.com/fwlink/events.asp.
Data:
0000:18 0e 00 00 00 .....
0008:0C XX 5a 00 ....
0010:31 00 43 00 41 00 52 00
0018:44 2d 00 44 00
0020:42 xx xx xx B .....
0028:6d 00 61 00 73 00 74 00
0030:65 xx E.R ...

Analysis and Solution:

Now all we know is this computer: [Domain \ computer name],IP: 192.168.1.183, this computer to connect to the current database server, only to prompt "Audit failed"

But it's not clear what process or service is connected! So there's nothing to analyze about this mistake! ~

Now open SQL Server Profiler to monitor the following events, and note to select the column "ClientProcessID":

Error and Warnings \ errorlog

Error and Warnings \ errorlog

Turn on the trace for a while until the error occurs! ~

This is where you can see the process number clientprocessid=2136

Log on to the server 192.168.1.183, open Task Manager to locate the process number clientprocessid=2136 service

Open the computer service, found that the service is running as "local System", to a domain administrator or other account to run, no longer appear!

Event ID 18456: User < domain \ computer name > logon failed. Cause: Token-based server access validation failed with infrastructure error